8
CVE-2017-1000086
- EPSS 0.09%
- Veröffentlicht 05.10.2017 01:29:03
- Zuletzt bearbeitet 20.04.2025 01:37:25
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, the plugin was not requiring requests to its API be sent via POST, thereby opening itself to Cross-Site Request Forgery attacks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jenkins ≫ Periodic Backup Version1.0 SwPlatformjenkins
Jenkins ≫ Periodic Backup Version1.1 SwPlatformjenkins
Jenkins ≫ Periodic Backup Version1.2 SwPlatformjenkins
Jenkins ≫ Periodic Backup Version1.3 SwPlatformjenkins
Jenkins ≫ Periodic Backup Version1.4 SwPlatformjenkins
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.09% | 0.266 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8 | 2.1 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.